RE: Second draft of CyberCrime Treaty Statement

• To: cve-editorial-board-list@lists.mitre.org
• Subject: RE: Second draft of CyberCrime Treaty Statement
• From: "Steven M. Christey" <coley@linus.mitre.org>
• Date: Wed, 10 May 2000 16:19:58 -0400 (EDT)
• Delivery-Date: Wed May 10 16:20:16 2000
• Sender: owner-cve-editorial-board-list@lists.mitre.org

I agree with David LeBlanc and Gene Spafford that we should come up
with a final draft, then ask people to sign it.  I wasn't clear,
sorry...

Here's what I see as a plan of action, with some overlap between the
different items:

1) Participating Board members finish and agree to a statement

2) Each participating Board member works with their organization to
   see if the organization itself can support it

3) Participating Board members endorse the agreement, as individuals
   or as an organization-wide endorsement

4) Identify a coordinator for outreach efforts

5) Each participating Board member performs their own outreach to
   their own contacts, and works with the coordinator, who maintains
   the "master list" of endorsements.

6) If any serious, near-unanimous concerns are expressed with the
   statement, *consider* making modifications.

Below are some of my editing comments on the draft.  Dave Mann, are
you coordinating your later drafts with Adam Shostack?  Who is the
"official holder" of the draft at this point?

Spaf suggested moving away from referring to ourselves as "experts"
and instead using "professionals" or related terms.  I agree with
this, and another Board member suggested a similar modification in a
private email.

I agree with David LeBlanc that we shouldn't specifically mention
"young security enthusiasts who behave unethically" - but on the other
hand, it's the free exchange of information that helps talented but
inexperienced people to learn and make contributions of their own.
(For example, how many high-quality posters to *Bugtraq with unknown
hat colors have been snapped up by security companies?)  So I think we
need to address this *somehow*, because some "young enthusiasts" with
white hats may not be recognized as professionals.

I suggest that we not mention funding at all.

I also agree with others that we shouldn't mention Stackguard.

- Steve

• Follow-Ups:
  • 5th Draft - CyberCrime Treaty Statement
    • From: Dave Mann <dmann@bindview.com>
  • Re: Second draft of CyberCrime Treaty Statement
    • From: Stuart Staniford <stuart@silicondefense.com>
  • Re: Second draft of CyberCrime Treaty Statement
    • From: Adam Shostack <adam@homeport.org>

• Prev by Date: Re: Second draft of CyberCrime Treaty Statement
• Next by Date: RE: Third SHORTENED Draft of CyberCrime Treaty Statement
• Prev by thread: RE: Second draft of CyberCrime Treaty Statement
• Next by thread: 5th Draft - CyberCrime Treaty Statement
• Index(es):
  • Date
  • Thread